highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2026-01-20 07:09:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bd4f4782f23b59f8ddd608e1b5a3690e134f2a0e
bitcoin/src/test/fuzz/strprintf.cpp
MarcoFalke fa5f297748 scripted-diff: [doc] Unify stale copyright headers 
-BEGIN VERIFY SCRIPT-

 sed --in-place --regexp-extended \
   's;( 20[0-2][0-9])(-20[0-2][0-9])? The Bitcoin Core developers;\1-present The Bitcoin Core developers;g' \
   $( git grep -l 'The Bitcoin Core developers' -- ':(exclude)COPYING' ':(exclude)src/ipc/libmultiprocess' ':(exclude)src/minisketch' )

-END VERIFY SCRIPT-
2025-12-16 22:21:15 +01:00

126 lines
4.7 KiB
C++
Raw Blame History

// Copyright (c) 2020-present The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/fuzz/util.h>
#include <tinyformat.h>
#include <util/strencodings.h>
#include <util/translation.h>
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>
template <typename... Args>
void fuzz_fmt(const std::string& fmt, const Args&... args)
{
(void)tfm::format(tfm::RuntimeFormat{fmt}, args...);
}
FUZZ_TARGET(str_printf)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
const std::string format_string = fuzzed_data_provider.ConsumeRandomLengthString(64);
const int digits_in_format_specifier = std::count_if(format_string.begin(), format_string.end(), IsDigit);
// Avoid triggering the following crash bug:
// * strprintf("%987654321000000:", 1);
//
// Avoid triggering the following OOM bug:
// * strprintf("%.222222200000000$", 1.1);
//
// Upstream bug report: https://github.com/c42f/tinyformat/issues/70
if (format_string.find('%') != std::string::npos && digits_in_format_specifier >= 7) {
return;
}
// Avoid triggering the following crash bug:
// * strprintf("%1$*1$*", -11111111);
//
// Upstream bug report: https://github.com/c42f/tinyformat/issues/70
if (format_string.find('%') != std::string::npos && format_string.find('$') != std::string::npos && format_string.find('*') != std::string::npos && digits_in_format_specifier > 0) {
return;
}
// Avoid triggering the following crash bug:
// * strprintf("%.1s", (char*)nullptr);
//
// (void)strprintf(format_string, (char*)nullptr);
//
// Upstream bug report: https://github.com/c42f/tinyformat/issues/70
try {
CallOneOf(
fuzzed_data_provider,
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeRandomLengthString(32));
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeRandomLengthString(32).c_str());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<signed char>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<unsigned char>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<char>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeBool());
});
} catch (const tinyformat::format_error&) {
}
if (format_string.find('%') != std::string::npos && format_string.find('c') != std::string::npos) {
// Avoid triggering the following:
// * strprintf("%c", 1.31783e+38);
// tinyformat.h:244:36: runtime error: 1.31783e+38 is outside the range of representable values of type 'char'
return;
}
if (format_string.find('%') != std::string::npos && format_string.find('*') != std::string::npos) {
// Avoid triggering the following:
// * strprintf("%*", -2.33527e+38);
// tinyformat.h:283:65: runtime error: -2.33527e+38 is outside the range of representable values of type 'int'
// * strprintf("%*", -2147483648);
// tinyformat.h:763:25: runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
return;
}
try {
CallOneOf(
fuzzed_data_provider,
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeFloatingPoint<float>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeFloatingPoint<double>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<int16_t>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<uint16_t>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<int32_t>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<uint32_t>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<int64_t>());
},
[&] {
fuzz_fmt(format_string, fuzzed_data_provider.ConsumeIntegral<uint64_t>());
});
} catch (const tinyformat::format_error&) {
}
}
Reference in New Issue View Git Blame Copy Permalink